[原文]Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

-
漏洞信息

-
漏洞描述

A local overflow exists in Kanji On Console's (KON) fld command. The fld command fails to correctly check the size of data being entered in with the
CHARSET_REGISTRY and CHARSET_ENCODING settings resulting in a buffer overflow. With a specially crafted request, an attacker can cause execute arbitrary code with root privileges resulting in a loss of integrity.

-
时间线

公开日期:
2000-06-19

发现日期:
Unknow

利用日期:2000-06-19

解决日期:Unknow

-
解决方案

Upgrade to version 0.3.9b or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Remove the setuid bit on fld.